Kirsten Whitfield

Currently I lead multi-national DPO services teams for a variety of clients operating across a wide range of sectors. This includes for clients such as Mitsubishi Tanabe (pharma), Conduent (business process outsourcing, transport technology, call centres and health tech), Figma (digital design and build), Data Axle (data management and marketing) and Viasat (telecommunications and satellite).

I support clients across a broad spectrum of data protection compliance. This includes data protection audits, data and systems mapping, international data transfers (strategic advice and transfer mechanisms including standard contractual clauses, binding corporate rules and transfer impact assessments), data protection impact assessments (including when developing and using AI products), data subject requests and complaints, contracting (data processor clauses, controller data sharing terms, strategy and market positioning), data breach workshops and incident response policies and playbooks.

Building on my background of IT contracting and data protection governance, I help clients find actionable and pragmatic solutions for tackling the ever expanding breadth of EU digital regulation such as the AI Act, Cyber Resilience Act, Critical Entities Resilience Directive, NIS 1, NIS 2 and the Data Act. 

I co-head our Cyber Breach team. Clients highly value my pragmatic and measured approach which is backed by years of experience of handling hundreds of incidents, including large scale multi-national incidents notifiable in jurisdictions around the world. 

Supporting clients through incidents over the years led to recognition that clients needed a robust way to assess and manage incidents and keep a reliable evidence trail. This led to my playing a leading role in developing Fieldfisher's Data Compliance Manager tool which includes GDPR, UK GDPR and NIS 2 incident assessment and management tools.

I regularly work with our Fieldfisher fraud and misconduct investigations experts, helping clients avoid inadvertently breaching data protection law when investigating breaches of the law. 

I was recognised as a stand-out lawyer in Thomson Reuter's 2025 rankings.